Cloudflare completely unable to stop bot swarms

What is the name of the domain?

exxxammmple.com

What is the issue you’re encountering

Cloudflare unable to stop bot swarms

What steps have you taken to resolve the issue?

See all the new traffic in the pic below; those are all bots.
How do I know? Because Google AdSense doesn’t see any of this traffic.

I use both cloudflare’s anti bot options (Bot Fight Mode and Block AI Bots)
but they easily bypass both.
These bots can even bypass Cloudflare’s Under Attack Mode.
These bots use residential IPs (likely compromised computers) and
cannot be blocked by IP/ASN filters.

Now my site keeps going down because of ‘session full’ errors,
meaning there are way more visitors than the site can handle.
Please someone elevate this to Cloudflare specialists
so they can look into my traffic and hopefully
figure out how they can stop these bot swarms.

Screenshot of the error

Is that screenshot from your origin server?

what do you mean? the screenshot is from cloudflare dashboard

Is this going to be forwarded to cloudflare team at some point ? can we expect any kind of support at any point ?

Unfortunately, we don’t see the screenshot from your first post which is why we’re asking you to post it. Otherwise, could be some error when uploading it here.

Could you please re-add it again or share over a 3rd-party service such as ImgBB? :thinking:

That’s the total traffic from Cloudflare dashboard.

How did you conclude and determine these are all bots? :thinking:

I recently installed Firefox and it came with “tracking protection” enabled by default, so I don’t see any Google AdSense banners, nor is Google Analytics tracking me.
I didn’t click anything, it’s pre-installed.
I have to manually disable this to be able to see the ads again.

Furthermore, I believe Google AdSense has a different mechanism to track and count views and clicks.

If you’ve got this feature enabled all the time or partially on some part of your Website, Google AdSense cannot correctly display the ads either.

Any other Security settings you could share here with us such as what you’ve configured and how at Cloudflare dashboard for your domain?

Where do you see these errors? In your web server log files?

It makes no sense, how can traffic be suddenly multiplied by 20-100 and all these new guys use firefox, when we know chrome accounts for +90% of browsers market share, that is a statistical nonsense. those are bots period. most of them can’t pass the under attack mode although some of these bots can (or at the very least they could in the past). all of them can easily pass other bot fight modes.

Good Sir, your post was extremely unhelpful and overall derailing. If you want to genuinely help, please escalate this to Cloudflare devs.

I have activated under attack mode, it shook off some of the bots, but a large chunk can still pass through

Bots, crawlers, etc. and even HTTP DDoS spam as well.

Feel free to write feedback to the support:

In such case, please do consider using the tactics for manual mitigation for help from below article and upgrade your plan type to at least Pro plan for better security options related to the customization, control and analytics:

This has forwarded me straight back to this forum.

Is there no one here who can forward this problem to Cloudflare devs? god damn we’re talking about hundreds of thousands of bots who bypass your firewall and anti-ddos with ease. How are we not able to forward this to cloudflare devs? This is truly stupid.

Note that the Cloudflare unique visitors graph includes all bot traffic, whether blocked by Cloudflare or not, so you need to show traffic from your origin to indicate what is getting through.

What is the domain?

2 Likes

I understand your frustration regarding the issue you’re experiencing with bot traffic and Cloudflare’s firewall. It’s certainly important to address concerns like these effectively.

On a side note, maintaining a respectful tone in the forum ensures a productive discussion and increases the likelihood of receiving assistance. If you’re unsure about the forum’s guidelines, you can review them https://community.cloudflare.com/faq.

Thank you for considering above.

Furthermore, share as much technical information as possible so we could help further as this helps the Cloudflare developers understand and address the problem more effectively who read those forums as well.

if this is true, why did enabling the ‘under attack’ mode shake off half of the bots?

Maybe those hosts stopped attacking when you enabled UAM.

You mentioned there were a lot of Firefox requests, take a look at the user agent and if it’s an old version (often these are not updated by the users of such tools), use a WAF rule to challenge or block those requests.

You haven’t given any indication of how many requests this involves, at the Cloudflare edge and at your origin, or your domain name so it’s very difficult to advise further beyond what has already been suggested.

2 Likes

this is very unclear, why half the bots stop coming and the other half keeps coming?

I haven’t said anything about these bots using firefox, let’s stop derailing please.

Here are the facts I could gather, I’m facing hundreds of thousands of content scraping bots which can bypass cloudflare anti-bots options (bot fight and AI bot), half of these bots can bypass under attack mode. these bots use residential IPs. I could not find any other relevant data about these bots.

only way to get this solved is to forward this to cloudflare devs, otherwise cloudflare support is pretty much useless, a waste of time.

Any request that requires involvement of developers will have to go through support if it justified, or your CSM if you have an Enterprise plan.

Cloudflare will consistently show more requests than Google analytics. It’s measuring different things.

What do you see in WAF events and what do you see on your origin server? Beyond enabling under attack mode, what other rules have you applied / what common characteristics have you identified on the origin server for the traffic you consider to be bots / not legitimate?

2 Likes
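As an added example (not part of any post in this thread, and not Cloudflare's code): one way to look for the common characteristics asked about above is to tally Firefox major versions in the origin access log and turn over-represented old versions into a candidate WAF expression on `http.user_agent`. It assumes combined log format with the user agent as the last quoted field; the sample lines, function names, and the `min_current` and `min_share` thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Constructed origin access-log sample (combined log format). Addresses are
# from documentation ranges and the user agents are invented for illustration.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2024:10:00:01 +0000] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; rv:52.0) Gecko/20100101 Firefox/52.0"
203.0.113.11 - - [01/Mar/2024:10:00:01 +0000] "GET /b HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; rv:52.0) Gecko/20100101 Firefox/52.0"
198.51.100.7 - - [01/Mar/2024:10:00:02 +0000] "GET /c HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; rv:52.0) Gecko/20100101 Firefox/52.0"
198.51.100.8 - - [01/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
203.0.113.20 - - [01/Mar/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
this line is truncated and has no quoted user agent
"""

UA_RE = re.compile(r'"([^"]*)"\s*$')          # last quoted field = user agent
FIREFOX_RE = re.compile(r"Firefox/(\d+)\.")   # major version number


def firefox_versions(log_text):
    """Return (Counter of Firefox major version -> requests, parsed line count)."""
    counts, total = Counter(), 0
    for line in log_text.splitlines():
        ua = UA_RE.search(line)
        if not ua:
            continue  # malformed or truncated line: not counted
        total += 1
        fx = FIREFOX_RE.search(ua.group(1))
        if fx:
            counts[int(fx.group(1))] += 1
    return counts, total


def stale_versions(counts, total, min_current, min_share=0.2):
    """Versions older than min_current that each account for >= min_share of requests."""
    if not total:
        return []
    return sorted(v for v, n in counts.items()
                  if v < min_current and n / total >= min_share)


def waf_expression(versions):
    """Build a Cloudflare rule expression matching the given Firefox major versions."""
    return " or ".join(f'(http.user_agent contains "Firefox/{v}.")' for v in versions)


if __name__ == "__main__":
    counts, total = firefox_versions(SAMPLE_LOG)
    print(waf_expression(stale_versions(counts, total, min_current=115)))
```

The resulting expression is a starting point for a custom rule; whether to challenge or block it is chosen in the rule's action after checking the match against WAF events.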

ok I have compared my own traffic logs to cloudflare and I can indeed confirm the bots do not bypass “under attack” mode, however they do bypass the “bot fight” and “AI bots” modes. as I’ve said in the opening post, my site went down over this flood of bots, the mysql database could not keep up with the amount of sessions opened and got stuck in “session full” error.

other WAF rules I use are heavy filtering of hosting ASN, and rate limiting.

I suspect the guy behind these bots has been there since forever hammering my site but has switched to residential botnet because of the rate limiting I recently set up.

Please forward this to cloudflare devs because the under attack mode has nasty effects on legitimate traffic and adsense, can not keep it up for long. Protection against these botnets should be included in the bot fight mode.

This is a community forum, Cloudflare devs don’t talk to me these days unless I am buying them beers. If you have a paid account, you should open a support ticket and provide them detailed examples.
